Book details of 'A Practical Guide to Managing Information Security (Artech House Technology Management Library)'

| Title | A Practical Guide to Managing Information Security (Artech House Technology Management Library) |
| Author(s) | Steve Purser |
| ISBN | 1580537022 |
| Language | English |
| Published | April 2004 |
| Publisher | Artech House Publishers |
The Virtual Bookcase Reviews of 'A Practical Guide to Managing Information Security (Artech House Technology Management Library)':
Reviewer James Farnell wrote: This is a great book for practical advice and I'd recommend it to anyone who needs to get to set up and manage a long-term approach to securing systems. It contains a lot of interesting tips and ideas, but only focusses on the management side of things.
Really worthwhile for people who need management guidance but don't buy it if you're looking for technical advice.
Reviewer Rob Slade wrote:
After years of reviewing security books there were a number of red
warning flags in the preface: the perception that a book was needed to
address the "entire" subject of security, an insistence on a
"pragmatic" and management oriented approach, and the use of a
"fictitious but realistic case study" to support the arguments in the
work. The final omen came in the author's bio on the back cover: he's
a banker.
Chapter one is a vague statement that the information technology world
is getting riskier, but states outright the irresponsible notion that
it is better to provide a less secure product to customers as long as
that reduces your "time to market." This is backed up by a great deal
of waffling managementspeak that boils down to the idea that we have
to learn to work faster *and* cheaper *and* better *and* smarter. The
footnotes and references intended to demonstrate that this is a
scholarly and researched effort are, instead, a grab bag of varying
origin and quality, indicating that the author isn't really familiar
with security literature, and used whatever he happened to read. A
few security information sources and generic advice on planning are in
chapter two. The taxonomy of technical tools, in chapter three,
contains no entries for accounting, application development,
operations, physical security, assurance, or business continuity, thus
indicating the enormous gaps in this work. The artificial structure
imposed on the list works against an integrated view of the tools:
Purser obviously doesn't understand intrusion detection divisions, or
that host-based and net-based systems both provide details--but of
differing views.
In chapter four, Purser obviously thinks that he is giving us new
insight into security assessment, when all that is really being
delivered is a generic project planning cycle. Similarly, chapter
five deals with business and threat analysis. A vague review of
policy documents is in chapter six. Chapter seven takes on that
wonderful buzzphrase, "process re-engineering," having almost nothing
to do with security at all. A planning cycle comes up again when
chapter eight supposedly looks at security architecture. Chapter nine
covers security training, in an overly formal way.
This book adds almost nothing to the existing security literature,
except for a lot of management directed verbiage.
copyright Robert M. Slade, 2004